WAF bypasses tips --- % u encoding

Common URL encodings include UTF (% xx) and hexadecimal encoding (% xx). Most IDS and WAF can be identified and decoded before regular matching. However, in addition to the two types of encoding, the IIS web server also supports another non-standard encoding, namely, % u Encoding (% uxxxx ). For more information, see the original document. I have to say that some technologies will not be old. The key is that you do not care. That is to say, the request abc. as % u0070 is actually the request abc. asp. In this case, it is a Bypass Method in the IIS environment. If your waf cannot be clear.
 
The following is a modified ruby script that can convert characters to the % u Encoding above.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108

require 'uri' def unicode_url(string)   lookuptable = Hash.new   lookuptable ={ ''=> '% U0020', '/'=> '% U002f', '\\'=> '% U005c', "'"=> '%u0027', '"'=> '% U0022', '>'=> '% U003e', '<'=> '% U003c', '#'=> '% U0023', '! '=> '% U0021', '$'=> '% U0024', '*'=> '% U002a', '@'=> '% U0040', '.'=> '% U002e', '_'=> '% U0095', '('=> '% U0028', ')'=> '% U0029', ','=> '% U002c', '%'=> '% U0025', '-'=> '% U002d', ';'=> '% U003b', ':'=> '% U003a', '|'=> '% U007c', '&'=> '% U0026', '+'=> '% U002b', '='=> '% U003d', 'A'=> '% U0061', 'A'=> '% U0041', 'B'=> '% U0062', 'B'=> '% U0042', 'C'=> '% U0063', 'C'=> '% U0043', 'D'=> '% U0064', 'D'=> '% U0044', 'E'=> '% U0065', 'E'=> '% U0045', 'F'=> '% U0066', 'F'=> '% U0046', 'G'=> '% U0067', 'G'=> '% U0047', 'H'=> '% U0068', 'H'=> '% U0048', 'I'=> '% U0069', 'I'=> '% U0049', 'J'=> '% U006a', 'J'=> '% U004a', 'K'=> '% U006b', 'K'=> '% U004b', 'L'=> '% U006c', 'L'=> '% U004c', 'M'=> '% U006d', 'M'=> '% U004d', 'N'=> '% U006e', 'N'=> '% U004e', 'O'=> '% U006f', 'O'=> '% U004f', 'P'=> '% U0070', 'P'=> '% U0050', 'Q'=> '% U0071', 'Q'=> '% U0051', 'R'=> '% U0072', 'R'=> '% U0052', 'S'=> '% U0073', 'S'=> '% U0053', 'T'=> '% U0074', 'T'=> '% U0054', 'U'=> '% U0075', 'U'=> '% U0055', 'V'=> '% U0076', 'V'=> '% U0056', 'W'=> '% U0077', 'W'=> '% U0057', 'X'=> '% U0078', 'X'=> '% U0058', 'Y'=> '% U0079', 'Y'=> '% U0059', 'Z'=> '% U007a', 'Z'=> '% U005a', '0'=> '% U0030', '1'=> '% U0031', '2'=> '% U0032', '3'=> '% U0033', '4'=> '% U0034', '5'=> '% U0035', '6'=> '% U0036', '7'=> '% U0037', '8'=> '% U0038', '9'=> '% U0039'}   # Convert string to array of chars   chararray = string.scan(/./)   newstr = String.new   chararray.each do |c|           if lookuptable.has_key? c                   newstr = newstr + lookuptable[c]           else                   newstr = newstr + URI.escape(c)           end   end   return newstr end print "Enter string to URL Unicode :" puts unicode_url(gets)

Ps: www.2cto.com feels that the code is very powerful in many places, but it is still in the fuzzy stage.